📊 2025 OT Cyber Threat Report - Key takeaways
2024’s incident data is now available for deliberate cyber attacks with physical consequences, in heavy industry and critical industrial infrastructures, in the public record. The 2025 OT Cyber Threat Report is courtesy of Waterfall Security and ICS Strive incident repository.
There were 76 attacks in 2024 that met the inclusion criteria, affecting over 1000 sites. Other highlights:
Nation-state attacks with physical consequences tripled in 2024 compared to the previous year (six attacks in 2024 up from two in 2023).
This year’s 76 attacks are a 5% increase over attacks in 2023.
The transportation industry was the single biggest vertical impacted by this type of attack in 2024, with 37% of the victims.
The discrete manufacturing and transportation industries continue to dominate as victims of OT attacks with physical consequences.
Three new ICS/OT-capable malware types were discovered in 2024, versus only 7 in the preceding 15 years.
The report includes many other data points and analysis by the drafting team who read in painful detail an enormous amount of raw material in the course of preparing the report. Insights include:
There is a real chance that new SEC & similar rules requiring public disclosure of material incidents are reducing the number of public reports rather than increasing the amount of attack detail available,
Discussion of near misses (not included in the data set), developments in GPS spoofing, and nation-state campaigns, and
Reporting highlights of defensive innovations and developments in 2024 as well.
The report is an easy read – only 22 pages of “payload” with lots of graphics. The report appears much longer than that, but most of that is because the entire data set is included in the 43-page Appendix in case you want to dig into detail or paste the data into Excel to crunch it in different ways.
Click here to access all the data and download the full report for free.
We hope you find the material useful. Feedback is welcome.
Andrew
Protecting Critical Infrastructure | Secure IT/OT Integration & Hardware-Enforced Remote Access
3mo
Mind-boggling report. If you're in charge of securing your OT environment, check it out.
Sr. Presales EPS Engineer
3mo
Eye-opening summary every OT professional should read!
Industrial Cybersecurity | Securing critical infrastructure | Enable safe IT/OT integration
3mo
A must-read for anyone in OT security! Andrew breaks down the key takeaways from our new 2025 OT Cyber Threat Report.
Securing critical infrastructure | Enabling safe IT/OT integration
3mo
Everyone's talking about IT/OT convergence—but are we ignoring the real threat signals hiding in plain sight? Just read this breakdown of the 2025 OT Cyber Threat Report and couldn’t help but reflect: too often, we chase headlines instead of patterns. If you're navigating the chaos of securing critical infrastructure, this one's worth your time.
Solid breakdown of a year that changed a lot for OT security. Data-driven insights like these are what help us stay ahead instead of just reacting.